
Setting up a VPN channel between offices in software. VPNs based on MPLS technology

What should you do if you need to join remote offices into one local network, or connect remote workers to the office local network?

The Internet is developing rapidly, giving any computer owner access to unlimited information resources. Access to the corporate network at any time and from any place is quickly becoming a mandatory requirement of the business world. More and more companies are striving to introduce technologies that let people work together regardless of the geographical location of employees or customers. Employees on business trips can access the corporate network directly from their hotel rooms, while those who work from home stay in touch with corporate headquarters in real time. Until recently, this required expensive equipment and communication channels that were also expensive to rent.

What is a VPN?

From the consumer's point of view, a VPN (virtual private network) is a technology that lets you organize secure remote access over open Internet channels to servers, databases and any other resources of your corporate network. With a virtual private network it is easy to link offices or production facilities with each other and to provide guaranteed high-quality, secure communications throughout Russia or abroad. The main advantage of a VPN over dedicated communication channels is that it saves the company money, which, you will agree, matters to anyone in our country and in the world at large.

VPN Features:

  • high degree of protection against unauthorized access based on cryptography;
  • staff at remote offices of the organization can work with applications and programs located in the main office (for example, with the 1C: Enterprise system);
  • secure document flow between company offices;
  • optimization of costs for providing access to information.

Solutions:

All VPN products fall into two categories: software and hardware. A number of companies, such as Cisco Systems, NetScreen and Sonic, offer a whole range of solutions that scale with the number of simultaneous VPN connections you plan to support. Hardware solutions are often easier and faster to configure, but their main disadvantage is their very high cost.

A software VPN solution is typically a ready-made application, commercial or free (OpenVPN), installed on a computer connected to the network, usually the Internet gateway. For security and performance reasons, it is best to dedicate separate machines to VPN applications, preferably running a *nix-like OS.

How does it work?

In its simplest form, a VPN connects remote users or remote offices to the enterprise network. The connection scheme is very simple: a remote user, on a computer with Internet access, launches a client program to connect to the remote office. In this case, the OpenVPN client is used. The program connects to the enterprise server and encrypts all traffic; access is granted using an encrypted user key, on which a password can be set.

This creates a VPN channel, which is a "tunnel" through which data can be exchanged between two end nodes. This tunnel is "opaque" to all other users, including the ISP. VPNs are protected by powerful encryption algorithms built into the Internet Protocol Security (IPSec) standards.

Now you have some idea of what a VPN is and how it works. If you are a manager, think about it: this may be exactly what you were looking for.


Please note that the goal here is not to explain everything with full technical rigor; the goal is to explain it in simple terms so that even novice users can understand. I hope it worked. If you have any questions, ask them in the comments.

The essence of a VPN server is as follows. For example, you want to go to the site yandex.ru, or more precisely, connect to a server with the IP 77.88.21.11 (residents of the eastern regions of Russia may be sent to a server with a different IP, but that's not the point). When working without a VPN, your computer sends a packet (one might say, a request) directly to the server with the address 77.88.21.11 and receives a response from it. When working through a VPN, your computer sends the packet to the VPN server, the VPN server sends the exact same packet to 77.88.21.11, 77.88.21.11 sends its response to the VPN server (because the VPN server originally sent the request), and the VPN server sends this packet to your computer.

What do we have? Requests to the address 77.88.21.11 are sent not by your computer but by the VPN server, so the server 77.88.21.11 records the IP address of the VPN server, not that of your computer.

One of the possible reasons to use a VPN is the need to hide your IP address.

Another application is the need to reroute traffic. Let's take a real-life example. The author of this article lives in the city of Orel (Central Russia) and wants to connect to the yunpan.360.cn server located in Beijing. The author uses (more precisely, used at that time) the services of the Internet provider "Beeline". As shown by the tracert yunpan.360.cn command entered at the Windows command prompt, outbound Internet traffic to this Chinese server goes through the US. The trace does not show how the traffic comes back, but judging by the ping, it follows roughly the same route. Below is a screenshot from the VisualRoute 2010 program.

This routing is due to the fact that Beeline did not pay backbone Internet providers for a more direct channel to China.

With this route, large packet loss occurs, the speed is low, and the ping is huge.

What to do? Use a VPN: a VPN server to which we have a direct route and from which there is a direct route to yunpan.360.cn. I (the author of the article) searched for an acceptable solution for a very long time and eventually found it. A virtual server (what that is will be explained later) was rented in Krasnoyarsk (picture right away where the city of Krasnoyarsk is) from a hosting provider. Tracing to the server showed that the traffic goes through Russia, with a ping of 95 ms (I had mobile LTE (4G) Internet; on wired Internet the ping will be 5-10 ms lower).

Ping is the delay of the Internet signal. It measures the delay for traffic in both directions (there and back). Measuring the delay in one direction only is impossible by standard means, because your computer sends a request to the pinged server and times how long the response takes.

In traces, the ping to each point of the route (otherwise called a hop) is also shown for traffic in both directions.

The route often differs between the two directions.

Next, a trace was made from the Krasnoyarsk server to yunpan.360.cn. The ping is around 150 ms. The trace showed that traffic from the Krasnoyarsk server to the Chinese server goes through direct peering (interconnection) between the providers "Transtelecom" and "China Telecom".

Here is that trace (made under Linux):

tracepath yunpan.360.cn
1 ?: pmtu 1500
1: srx.optibit.ru 0.361ms
1: srx.optibit.ru 0.381ms
2: border-r4.g-service.ru 0.392ms
3: kyk02.transtelecom.net 0.855ms asymm 5
4: 10.25.27.5 112.987ms asymm 8
5: ChinaTelecom-gw.transtelecom.net 125.707ms asymm 7
6: 202.97.58.113 119.092ms asymm 7
7: 202.97.53.161 120.842ms asymm 8
8: no reply
9: 220.181.70.138 122.342ms asymm 10
10: 223.202.72.53 116.530ms asymm 11
11: 223.202.73.86 134.029ms asymm 12
12: no reply

What do we see? The Krasnoyarsk server is hosted by optibit.ru (hosting is a service for placing and renting server capacity), which is connected to the Internet provider Game-Service (g-service.ru). Game-Service, in turn, sends traffic to yunpan.360.cn through the large Russian backbone provider Transtelecom (TTK), which it pays for this. TTK sends the traffic through its direct connection to the network of the Chinese backbone provider China Telecom; the hop domain ChinaTelecom-gw.transtelecom.net tells us this.
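The reading of the trace above can be automated. The following is an added example, not part of the original article: it parses the tracepath output shown above, finds the link where the round-trip time jumps (the long-haul segment) and lists the hops that tracepath flags as asymmetric. The function names are assumptions made for this illustration.

```python
import re

# Trace copied from the article (tracepath yunpan.360.cn, run on the Krasnoyarsk VPS).
TRACE = """\
1 ?: pmtu 1500
1: srx.optibit.ru 0.361ms
1: srx.optibit.ru 0.381ms
2: border-r4.g-service.ru 0.392ms
3: kyk02.transtelecom.net 0.855ms asymm 5
4: 10.25.27.5 112.987ms asymm 8
5: ChinaTelecom-gw.transtelecom.net 125.707ms asymm 7
6: 202.97.58.113 119.092ms asymm 7
7: 202.97.53.161 120.842ms asymm 8
8: no reply
9: 220.181.70.138 122.342ms asymm 10
10: 223.202.72.53 116.530ms asymm 11
11: 223.202.73.86 134.029ms asymm 12
12: no reply
"""

HOP_RE = re.compile(r"^\s*(\d+):\s+(\S+)\s+([\d.]+)ms(?:\s+asymm\s+(\d+))?\s*$")
NOREPLY_RE = re.compile(r"^\s*(\d+):\s+no reply\s*$")


def parse_tracepath(text):
    """Return {hop: {"host", "rtt_ms", "asymm"}}; silent hops have rtt_ms None."""
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            n, host, rtt = int(m[1]), m[2], float(m[3])
            asymm = int(m[4]) if m[4] else None
            prev = hops.get(n)
            # tracepath probes the first hop twice; keep the fastest answer per hop.
            if prev is None or prev["rtt_ms"] is None or rtt < prev["rtt_ms"]:
                hops[n] = {"host": host, "rtt_ms": rtt, "asymm": asymm}
            continue
        m = NOREPLY_RE.match(line)
        if m:
            hops.setdefault(int(m[1]), {"host": None, "rtt_ms": None, "asymm": None})
        # Anything else (the "pmtu" header line) is not a hop and is skipped.
    return dict(sorted(hops.items()))


def largest_jump(hops):
    """Return (from_host, to_host, delta_ms) for the biggest RTT increase
    between consecutive answering hops. RTT covers both directions, so the
    jump marks the longest link on the forward path or its return path."""
    answered = [h for h in hops.values() if h["rtt_ms"] is not None]
    best = None
    for a, b in zip(answered, answered[1:]):
        delta = b["rtt_ms"] - a["rtt_ms"]
        if best is None or delta > best[2]:
            best = (a["host"], b["host"], delta)
    return best


def asymmetric_hops(hops):
    """Hop numbers where tracepath guessed a different hop count on the way back."""
    return [n for n, h in hops.items() if h["asymm"] is not None]


if __name__ == "__main__":
    hops = parse_tracepath(TRACE)
    src, dst, delta = largest_jump(hops)
    print(f"largest RTT jump: {src} -> {dst} (+{delta:.3f} ms)")
    print("hops flagged asymmetric:", asymmetric_hops(hops))
```

On this trace the jump falls between kyk02.transtelecom.net and the next hop, that is, inside the Transtelecom network just before the China Telecom gateway, which matches the article's reading of the route.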

Let's recall what our problem was. Our traffic to that Chinese server went through the USA, and the speed was low. What did I do? I installed a VPN on this Krasnoyarsk server and configured my computer to work through this VPN server. What happened? Now the traffic to yunpan.360.cn no longer followed the old route Orel-Moscow-USA-China, but went like this:

first to the VPN server - Orel-Krasnoyarsk,

then from the VPN server to Beijing - Krasnoyarsk-Beijing.

Got the point? We changed the route. What did that achieve? The speed of the outgoing connection from me to yunpan.360.cn increased, and the ping decreased. The result has been achieved.

How do you determine your route? For beginners, the easiest way to do this is to use the VisualRoute program, which can be found on the Internet in both licensed and hacked forms.

You need to run this program and set the following settings:

It will turn out like this:

From this table, you can see which countries the traffic goes through. Once again, note that the trace shows the route of outgoing traffic only (that is, traffic from your computer to the server). The route in the reverse direction can only be shown by a trace taken from the server to your computer. VisualRoute has a small glitch: it often shows Australia (?) as the country when it cannot determine the true geolocation of a node.

VPN (Virtual Private Network) is, one might say, your own network on top of the Internet, in which all traffic is encrypted. You can study this technology in detail and. Explained in the simplest terms:

  • your computer and VPN server connect over the internet
  • all traffic between you and the VPN server is encrypted
  • The VPN server sends it to its destination
  • your IP is hidden, instead of it you can see the IP address of the VPN server

It is recommended to use a VPN when working over free (or simply someone else's) WiFi, since all traffic passing through the WiFi router can be intercepted. With a VPN, all traffic will be encrypted. Moreover, if you go to yandex.ru, vk.com and google.ru without a VPN, then connections to yandex.ru, vk.com and google.ru will be recorded at the level of the router and your Internet provider. When using a VPN, all connections go to the address of the VPN server.

There are many paid VPN services. Their only advantage is ease of use. Their disadvantages include high cost and the lack of 100% confidentiality (much can be written, but what actually happens on the VPN server, and whether traffic is intercepted, is impossible to guarantee). The inability to change the IP address in a couple of clicks is also a disadvantage of paid services.

Let's compare the cost of our self-configured solution with paid VPN services. The latter cost around 300 rubles per month. Our solution will cost $0.007 per hour. When we are not using the VPN, we do not pay. Used for 2 hours every day for 30 days, it will cost us 30-50 rubles.

We will do the following:

  1. Rent a server for the VPN.
  2. Set up a VPN on it.
  3. Use it and pay only for each hour of actual VPN use.

Step # 1. Server rent.

No, we will not rent a full server. We will rent a virtual server, a VPS (virtual private server). In many cases, hosting sites on the Internet or other purposes (including organizing a VPN) do not require large server capacity, but the server's operating system does need to be customized "for yourself". Several operating systems cannot run simultaneously on one computer (including a server, which is the same kind of computer, only usually more powerful). What to do? Virtual machines come to the rescue. This technology, called virtualization, allows an operating system to run inside another operating system. For servers, analogs of virtual machines are created as well: virtual servers.

There are several common virtualization technologies. The most common are OpenVZ, KVM and Xen. Roughly speaking, Xen and KVM create for each virtual machine its own "hardware imitation", its own OS, and so on. With OpenVZ, a shared OS kernel is used, so some functions (for example, modifying the OS kernel) become unavailable, or can be enabled and disabled only for all VPSes at once. VPSes on Xen and KVM are, as a rule, more stable in operation; however, the difference matters only for large projects for which server fault tolerance is critical.

VPS on OpenVZ is always cheaper, since one virtual server requires fewer resources. Due to the lower price, we will turn our attention to VPS based on OpenVZ.

Attention! Some hosting companies (companies that rent out servers) intentionally block VPN operation on OpenVZ-based servers! Therefore, before renting such a server, you need to check with the support service whether the VPN will work (a good hosting provider's support should respond within 15 minutes, an hour at most).

For a personal VPN server, the minimum configuration is enough: 256 MB of RAM and a 0.5-1 GHz processor. However, not all hosting providers offer a VPS with 256 MB of RAM: for many, the minimum tariff is 512 MB of RAM. Such a VPS is enough for us.

What other criteria are there for choosing a VPS? As you already understood, Internet traffic will constantly "travel" from you to the VPS and back. Therefore, the backbone channels must have sufficient throughput in both directions. In other words, the speed of the Internet connection between your computer and the VPS should be sufficient for the tasks you need. For comfortable everyday work 15 Mbps is enough, and if you are going to download torrents via the VPN, then you may need all 100 Mbps. But! If you and the VPS are on the networks of different Internet providers (especially in different cities), the backbone networks are unlikely to "pull" more than 70 Mbit / s within Russia (or your country) and more than 50 Mbit / s with servers in Europe.

Most hosting services require a monthly payment. It should be noted right away that prices vary widely for approximately the same quality. We will use a service with an hourly rate: $0.007 per hour of our server's operation. Thus, if we use the VPN for 2 hours every day, we will pay about 30 rubles per month. Agree, this is not 350 rubles / month for a paid VPN service!

The first step is to go to the website and register:

Next, a page will open where you need to enter your bank card details. Without this, the system will not work and will not let you use the 10 dollar bonus (more on that later). You can specify any data, the system will "eat" fake data.

In this case, an amount of several rubles may be blocked on your card, which will then be returned. Your card will be debited only after the servers are used.

What if there is no bank card? Get yourself, it automatically gives you a virtual card, the balance of which is equal to the balance of the wallet. You can replenish your wallet almost everywhere, see.

However, if you enter the Kiwi card details into DigitalOcean, the system will "spit it out", stating that DigitalOcean does not work with prepaid and virtual cards. In this case, you need to top up your balance by $5 through PayPal, paying with the Kiwi card.

After all this, on the same page in your DigitalOcean personal account, enter the promo code DROPLET10, which credits us with 10 dollars that we can spend in full on the server without fear of additional charges to our card.

Done! Now let's move on to creating a VPS. Watch the video tutorial:

When creating the server, choose Ubuntu version 14.04 as the OS and not any newer version; in particular, do not choose 16.04.

Server locations and ping domains:

  • Frankfurt, Germany: http://speedtest-fra1.digitalocean.com/ (ping domain: speedtest-fra1.digitalocean.com)
  • Amsterdam-1, Netherlands: http://speedtest-ams1.digitalocean.com/ (ping domain: speedtest-ams1.digitalocean.com)
  • Amsterdam-2: http://speedtest-ams2.digitalocean.com/ (ping domain: speedtest-ams2.digitalocean.com)
  • New York-1, USA: http://speedtest-ny1.digitalocean.com/ (ping domain: speedtest-ny1.digitalocean.com)
  • New York-2: http://speedtest-ny2.digitalocean.com/ (ping domain: speedtest-ny2.digitalocean.com)
  • New York-3: http://speedtest-ny3.digitalocean.com/ (ping domain: speedtest-ny3.digitalocean.com)
  • San Francisco, USA: http://speedtest-sfo1.digitalocean.com/ (ping domain: speedtest-sfo1.digitalocean.com)
  • London, Great Britain: http://speedtest-lon1.digitalocean.com/ (ping domain: speedtest-lon1.digitalocean.com)
  • Singapore: http://speedtest-sgp1.digitalocean.com/ (ping domain: speedtest-sgp1.digitalocean.com)

Note. Amsterdam or Frankfurt is suitable for most residents of Russia and the CIS countries (ping to Frankfurt in most cases will be slightly less than to Amsterdam). I recommend residents of the Russian Far East to test Singapore and compare the indicators with European servers.

A server located abroad lets you use the VPN to bypass government agencies' bans on visiting certain sites (if this is relevant to you).

DigitalOcean's price includes 1 terabyte (1024 GB) of traffic (see). For most people this is more than enough. Other hosting services formally have unlimited traffic, but it becomes unprofitable for them once the threshold of 1-2 TB / month is reached.

That's it, we ordered a VPS. Congratulations. Now it's time to move on to setting it up.

Step # 2. VPN setup.

Don't be alarmed, the process of setting up your own VPN is as easy as two times two!

In the video tutorial above, we connected to our server using Putty. Now let's continue.

Copy and paste (by right-clicking, as we did in the video tutorial) the command:

Now copy and paste the following into the opened file editing window:

Press Ctrl + O, then Enter.

Press Ctrl + X.

Copy and paste the command:

Enter 1 and press Enter. Wait. When prompted, enter the desired username and press Enter. Do the same for the password. For the "[Y] / [N]" questions, enter Y and press Enter. After the configuration is complete, our username, password and the server's IP address will be shown.

Done! The VPN is configured!

Now open the Windows "Network and Sharing Center":

Choose to set up a new connection:

Select "Connect to a workplace":

Wait a little. We are now working via VPN! To make sure of this, go to and make sure that the IP address shown to us matches the IP address of our VPS.

Now attention! Through the DigitalOcean personal account we can turn off our VPS (a droplet in DigitalOcean terminology); however, even a powered-off server is billed at the standard rate. Therefore, we will make a backup of our server, delete it, and when we need the VPN again, restore it from the backup!

Let's go to server management (the DigitalOcean control panel is located at cloud.digitalocean.com, you can enter it through the Sign In button on the digitalocean.com main page in the upper right corner).

We need to create a backup (snapshot) of our VPS. But to do this, you first need to turn it off.

Wait about a minute until the server turns off. Then go to the Snapshots section, enter an arbitrary name for the snapshot and create it:

Creating a snapshot costs 2 cents for each gigabyte of our VPS's "weight". It will take a few minutes to create the backup (snapshot).

Now delete the server:

That's it! We are no longer charged.

What to do when you need a VPN again

We need to create a new VPS from the backup we made before.

Click "create a droplet":

Now, as before, enter any server name in Latin letters without spaces and select the first, minimum tariff; the region must be the same as the one in which we had the server before.

Below, click the name of the snapshot we took (it was gray, but should turn blue):

... and click the big green "Create droplet" button.

Wait about a minute.

Let's see if the IP address of our server matches the previous one. If so, then in Windows we simply resume the previously created connection:

If not, right-click the name of our connection and change the IP address to the new one:

Enter a new IP and click "OK":

Attention! Now, to turn off the VPN, we do not need to make a backup, we just delete the server right away, and next time we will restore everything from the old snapshot. It is not necessary to shut down the server before deleting it. Just in case, the following procedure is in the screenshots:

We deleted the VPS for the time we were not using the VPN. Now let's restore it from the old snapshot:

Again, we check if the old IP is preserved and continue working.

On the same server (or another one), you can set up your own proxy, for example based on the 3proxy software, but that is not the topic of this article.

From year to year electronic communication improves, and ever higher demands are placed on information exchange in terms of speed, security and quality of data processing.

Here we take a closer look at the vpn connection: what it is, what a vpn tunnel is for, and how to use a vpn connection.

This material is a kind of introduction to a series of articles in which we will explain how to create a vpn on various operating systems.

What is a vpn connection?

So, a virtual private network (vpn) is a technology that provides secure (closed to external access) communication for a logical network running over a private or public network, given high-speed Internet.

Such a network connection between computers (geographically far from each other) uses a point-to-point connection (in other words, "computer-to-computer").

Scientifically, this type of connection is called a vpn tunnel (or tunnel protocol). You can connect to such a tunnel from a computer with any operating system that has an integrated VPN client capable of forwarding virtual ports to another network using the TCP / IP protocol.

What is vpn for?

The main advantage of vpn is that it gives the communicating parties a connectivity platform that not only scales quickly but also (primarily) ensures data confidentiality, data integrity and authentication.

The diagram clearly shows the use of vpn networks.

The rules for connections over a secure channel must be configured in advance on the server and the router.

How vpn works

When connecting via vpn, the message header contains information about the ip-address of the VPN server and the remote route.

Encapsulated data traversing a shared or public network cannot be intercepted because all information is encrypted.

The VPN encryption stage is performed on the sender's side, and the data is decrypted on the recipient's side using the message header (if there is a common encryption key).

After the messages are correctly decrypted, a VPN connection is established between the two networks, which also allows working in a public network (for example, exchanging data with the client 93.88.190.5).

As for information security, the Internet is an extremely unsecured network, while a VPN network using the OpenVPN, L2TP / IPSec, PPTP or PPPoE protocols is a completely secure and safe way to transmit data.

What is a vpn channel for?

vpn tunneling is used:

  • inside the corporate network;
  • for combining remote offices, as well as small branches;
  • for servicing digital telephony with a wide range of telecommunication services;
  • to access external IT resources;
  • for building and running video conferencing.

Why do you need vpn?

A vpn connection is required for:

  • anonymous work on the Internet;
  • downloading applications when the ip address is located in another regional zone of the country;
  • safe work in a corporate environment using communications;
  • simplicity and convenience of connection settings;
  • providing high-speed connections without interruptions;
  • creating a secure channel free of hacker attacks.

How to use vpn?

There are endless examples of how vpn works. For instance, on any computer in the corporate network, once a secure vpn connection is established, you can use mail to check messages, publish materials from anywhere in the country or download files from torrent networks.

VPN on a phone: what is it?

Access via vpn on your phone (an iPhone or any Android device) lets you maintain anonymity when using the Internet in public places, and helps prevent traffic interception and device hacking.

A VPN client installed on any OS allows you to bypass many of the provider's settings and rules (if the provider has set any restrictions).

Which vpn to choose for the phone?

Android mobile phones and smartphones can use applications from Google Play:

  • vpnRoot, droidVPN,
  • tor browser for surfing networks, aka orbot
  • InBrowser, orfox (firefox + tor),
  • SuperVPN Free VPN Client
  • OpenVPN Connect
  • TunnelBear VPN
  • Hideman VPN

Most of these programs serve for the convenience of "hot" system configuration, placement of launch shortcuts, anonymous Internet surfing, and the choice of the type of connection encryption.

But the main uses of a VPN on a phone are checking corporate mail, setting up video conferences with several participants, and holding meetings outside the organization (for example, when an employee is on a business trip).

What is VPN on an iPhone?

Let's consider which VPN to choose and how to connect it to an iPhone in more detail.

Depending on the type of network supported, when you first start the VPN configuration on the iPhone, you can select the following protocols: L2TP, PPTP and Cisco IPSec (in addition, you can "make" a vpn connection using third-party applications).

All of these protocols support encryption keys, password authentication and certification.

Among the additional functions available when setting up a VPN profile on an iPhone are RSA security, the encryption level and the authorization rules for connecting to the server.

For an iPhone, you should choose from the App Store:

  • the free app Tunnelbear, with which you can connect to VPN servers in any country.
  • OpenVPN Connect, one of the best VPN clients out there. To run the application, you must first import the rsa keys into your phone through iTunes.
  • Cloak, a shareware application: for some time the product can be "used" for free, but to use the program after the demo period has expired, you will have to buy it.

VPN Creation: Selecting and Configuring Equipment

For corporate communications in large organizations, or for connecting offices remote from each other, hardware is used that can support uninterrupted, secure network operation.

To implement vpn technologies, the following can act as the network gateway: Unix servers, Windows Server, a network router, or the network gateway on which the VPN is set up.

The server or device used to create a vpn enterprise network or a vpn channel between remote offices must perform complex technical tasks and provide a full range of services to users on both workstations and mobile devices.

Any router or vpn router must work reliably in the network without "freezing". The built-in vpn function lets you change the network configuration for work at home, in an organization or in a remote office.

Configuring vpn on a router

In general, vpn is set up on a router through the router's web interface. On "classic" devices, to organize a vpn you go to the "settings" or "network settings" section, where you select the VPN section, specify the type of protocol, enter your subnet address and mask, and specify the range of ip-addresses for users.

In addition, to secure the connection you will need to specify the encryption algorithms and authentication methods, generate the negotiation keys and specify the DNS and WINS servers. In the "Gateway" parameters, you need to specify the gateway ip-address (your own ip) and fill in the data for all network adapters.

If there are several routers in the network, the vpn routing table must be filled in for all devices in the VPN tunnel.

Here is a list of the hardware used to build VPN networks:

  • Dlink routers: DIR-320, DIR-620, DSR-1000 with new firmware or D-Link DI808HV router.
  • Cisco PIX 501, Cisco 871-SEC-K9 Routers
  • Linksys Rv082 router with 50 VPN tunnels support
  • Netgear router DG834G and routers FVS318G, FVS318N, FVS336G, SRX5308
  • Mikrotik router with OpenVPN function. RouterBoard RB / 2011L-IN Mikrotik example
  • Vpn equipment RVPN S-Terra or VPN Gate
  • ASUS Routers RT-N66U, RT-N16 and RT N-10
  • ZyXel routers ZyWALL 5, ZyWALL P1, ZyWALL USG

Although the topic is hackneyed, many people still find it difficult, be it a novice system administrator or just an advanced user whose superiors have made them the office's jack-of-all-trades IT person. Paradoxically, despite the abundance of information on VPN, finding an intelligible explanation is a real problem. One even gets the impression that one person wrote the text and the others brazenly copied it. As a result, search results are literally littered with unnecessary information, from which anything worthwhile can rarely be picked out. Therefore, I decided to chew through all the nuances in my own way (maybe someone will find it useful).

So what is a VPN? VPN (Virtual Private Network) is a generalized name for technologies that provide one or more network connections (a logical network) over another network (including the Internet). Depending on the protocols used and the purpose, a VPN can provide connections of three types: node-to-node, node-to-network and network-to-network. As they say, no comment.

Typical VPN scheme

A VPN lets you easily join a remote host to the local network of a company or to another host, as well as combine networks into one. The benefit is quite obvious: with a VPN client we easily get access to the enterprise network. In addition, a VPN also protects your data with encryption.

I do not pretend to describe to you all the principles of VPN operation: there is plenty of specialized literature, and to be honest, there is a lot I do not know myself. Nevertheless, if your task is "Do it!", you need to get into the topic urgently.

Let's look at a problem from my personal practice, when it was necessary to connect two offices via VPN - the head office and the branch office. The situation was further complicated by the fact that the head office had a video server that was supposed to receive video from the IP camera of the branch. Here is a brief task for you.

There are many solutions. It all depends on what you have at hand. In general, a VPN is easy to build using an iron solution based on various Zyxel routers... Ideally, it may happen that the Internet is distributed to both offices by one provider and then you will not have any problems at all (you just need to contact the prov). If the company is rich, then it can afford CISCO. But usually everything is solved by software.

And here the choice is great - Open VPN, WinRoute (note that it is paid), operating system tools, programs like Hamanchi (to be honest, in rare cases it can help out, but I do not recommend relying on it - the free version has a limit of 5 hosts and another significant disadvantage is the fact that your entire connection depends on the Hamanchi host, which is not always buzzing). In my case, it would be ideal to use OpenVPN - free program that can easily create a reliable VPN connection. But we, as always, will follow the path of least resistance.

At my branch, the Internet is distributed by a gateway based on client Windows. I agree, not the best solution, but for a troika client computers enough with the head. I need to make a VPN server from this gateway. As you are reading this article, you are confident that you are new to VPN. Therefore, for you, I give the simplest example, which, in principle, suits me.

The Windows NT family already has rudimentary server capabilities built in. Setting up a VPN server on one of the machines will not be difficult. For the server, I will use Windows 7 screenshots as examples, but the general principles are the same as for the old XP.

Please note that to connect two networks, they must have different address ranges! For example, in the head office the range might be 192.168.0.x, and in the branch office it might be 192.168.20.x (or any other private, "gray" IP range). This is very important, so be careful. Now you can start the setup.
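The address-plan check implied by this rule, as an added PowerShell example that is not part of the original article: it reports every pair of networks whose ranges overlap. The /24 masks, the `HomeWorker` entry and the helper function names are assumptions made for the illustration.

```powershell
# Added example: find overlapping IPv4 ranges in a site/VPN address plan.
function ConvertTo-Ipv4Number {
    param([string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    if ($bytes.Length -ne 4) { throw "Not an IPv4 address: $Address" }
    [Array]::Reverse($bytes)    # network byte order -> little-endian for BitConverter
    [int64][BitConverter]::ToUInt32($bytes, 0)
}

function Get-Ipv4Range {
    param([string]$Cidr)
    $parts = $Cidr -split '/'
    if ($parts.Count -ne 2) { throw "Expected address/prefix, got: $Cidr" }
    $bits = [int]$parts[1]
    if ($bits -lt 0 -or $bits -gt 32) { throw "Bad prefix length in $Cidr" }
    $size  = [int64][math]::Pow(2, 32 - $bits)   # number of addresses in the block
    $ip    = ConvertTo-Ipv4Number $parts[0]
    $first = $ip - ($ip % $size)                 # round down to the network address
    New-Object PSObject -Property @{ First = $first; Last = $first + $size - 1 }
}

function Test-Ipv4Overlap {
    param([string]$A, [string]$B)
    $ra = Get-Ipv4Range $A
    $rb = Get-Ipv4Range $B
    ($ra.First -le $rb.Last) -and ($rb.First -le $ra.Last)
}

function Find-AddressConflict {
    param([hashtable]$Plan)
    $names = @($Plan.Keys | Sort-Object)
    for ($i = 0; $i -lt $names.Count; $i++) {
        for ($j = $i + 1; $j -lt $names.Count; $j++) {
            $a = $Plan[$names[$i]]
            $b = $Plan[$names[$j]]
            if (Test-Ipv4Overlap $a $b) {
                '{0} ({1}) overlaps {2} ({3})' -f $names[$i], $a, $names[$j], $b
            }
        }
    }
}

# Constructed plan: the article's ranges with an assumed /24 mask, plus a constructed home LAN.
$plan = @{
    HeadOffice = '192.168.0.0/24'
    Branch     = '192.168.20.0/24'
    HomeWorker = '192.168.0.0/24'
}
Find-AddressConflict $plan
```

Add the address pool you hand out to VPN callers as another entry in the plan to check it against both LANs at the same time.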

On the VPN server, go to Control Panel -> Network and Sharing Center -> Change adapter settings.

Now press the Alt key to bring up the menu. There, in the File menu, select "New incoming connection".

Check the boxes for users who can log in via VPN. I highly recommend adding a new user, giving them a friendly name, and assigning a password.

After you have done this, in the next window you need to choose how users will connect. Check the box "Via the Internet". Now you just need to assign the address range of the virtual network. You can also choose how many computers can take part in the data exchange. In the next window, select the TCP/IP version 4 protocol and click "Properties":

You will see what I have in the screenshot. If you want the client to have access to the local network where the server is located, just check the box "Allow callers to access the local network". In the section "Assigning IP addresses", I recommend specifying the addresses manually according to the principle I described above. In my example, I gave the range only twenty-five addresses, although I could have specified just two, or 255.

After that, click on the "Allow access" button.

The system will automatically create a VPN server that will sit alone, waiting for someone to connect to it.

Now the only thing left is to configure the VPN client. On the client machine, also go to the Network and Sharing Center and select "Set up a new connection or network". Then select the item "Connect to a workplace".

Click "Use my Internet connection (VPN)", and you will be taken to the window where you need to enter the address of our Internet gateway at the branch. Mine has the form 95.2.x.x

Now you can launch the connection, enter the username and password that you set on the server, and try to connect. If everything is correct, you will connect. In my case, I can already ping any branch office computer and query the camera. Now it can easily be hooked up to the video server. Your case may be different.

Alternatively, error 800 may pop up when connecting, signaling that something is wrong with the connection. This is a firewall issue on either the client or the server. I cannot tell you specifically which; it has to be determined experimentally.
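One way to narrow down error 800 from the client side, as an added example that is not the article's own: it probes the server's VPN control port and tells apart an open port, a refused connection and a silently dropped one. It assumes the incoming connection uses PPTP (TCP port 1723 plus GRE), which the article does not state; the function names and `vpn.example.test` are placeholders.

```powershell
# Added example: classify why a VPN server's control port cannot be reached.
# Assumption: the tunnel is PPTP, whose control channel is TCP 1723.
function Test-VpnControlPort {
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [int]$Port = 1723,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return 'filtered'            # no reply at all: dropped on the path, or host down
        }
        $client.EndConnect($pending)     # throws if the connection was refused
        return 'open'
    }
    catch {
        $base = $_.Exception.GetBaseException()
        if ($base -is [System.Net.Sockets.SocketException] -and
            $base.SocketErrorCode -eq [System.Net.Sockets.SocketError]::ConnectionRefused) {
            return 'closed'              # host answered, but nothing listens on the port
        }
        return "error: $($base.Message)" # e.g. the name did not resolve
    }
    finally {
        $client.Close()
    }
}

function Get-Error800Hint {
    param([string]$State)
    switch ($State) {
        'open'     { 'TCP control channel is reachable; if error 800 persists, check that GRE (IP protocol 47) is allowed end to end.' }
        'closed'   { 'Server is reachable but not listening: confirm the incoming connection exists on the server.' }
        'filtered' { 'No reply: a firewall on the server, the client, or a router in between drops the port, or it is not forwarded.' }
        default    { "Probe failed before connecting ($State): check the address or name you entered." }
    }
}

# Placeholder name; substitute the gateway address you entered in the client.
$state = Test-VpnControlPort -Server 'vpn.example.test'
'{0}: {1}' -f $state, (Get-Error800Hint $state)
```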

That is how simply we created a VPN between two offices. Players can be connected in the same way. However, do not forget that this is still not a full-fledged server, and it is better to use more advanced tools, which I will talk about in the next parts.

In particular, in part 2 we will look at setting up OpenVPN on Windows and Linux.

A good thing about a virtual private network (VPN) is that it provides the user with a secure or trusted channel to another PC without the need for a dedicated communication channel. It is created on top of another network, for example the Internet.

Windows has built-in tools for establishing a VPN connection between computers located far apart. Let's establish a VPN tunnel between two PCs running Windows.

Let's create the server side

Remote clients connect to the VPN through a special access server. It may require an incoming connection to pass identification and authentication procedures. It knows which users have access to the virtual network. It also has information about the allowed IP addresses.

To set up a VPN access server, open the "Change adapter settings" applet in the Network and Sharing Center. If the main menu of the applet is not displayed, press the "Alt" key. The main menu should appear at the top of the applet; find the "File" item in it and select "New incoming connection". Let's look at this in more detail.

In the control panel, go to "Network and Internet".

In the next step, we open the Network and Sharing Center.

Let's create a new incoming connection.

The window that appears will offer to choose from existing users or define a new one who will be allowed to connect to this PC.

When adding a new "user" you need to specify the name and password with which he will be allowed to connect to the VPN access server.

In the next step, the Private Network Setup Wizard will ask how users will connect.

It is necessary to indicate that they will do this over the Internet, so check the required option.

The next step is to choose the networking components that should accept incoming connections. Among them is the Internet Protocol Version 4 (TCP/IPv4) component. You will need to open its properties and manually enter the range of IP addresses that are allowed to access the server.

Otherwise, leave it to the DHCP server to assign the IP addresses automatically. In our case, we needed to define them manually.

After processing the entered data, the access server will have the information it needs to grant the necessary permissions to authorized users. At the same time, the system will display the name of the computer, which will be needed later.

We end up with the following. There are no connected clients yet.

Configuring the client

Modern networks are most often built on a client-server architecture, which singles out a main computer in the networked environment. Clients initiate requests to the server and are the first to attempt a connection to it.

We have already configured the server side of this architecture. Now it remains to set up the client side. The client must be another computer.

In the Network and Sharing Center of another PC (the client), we will set up a new connection.

We need to connect directly to the workplace.

Again we turn to the Windows Network and Sharing Center, only now on the other PC. Select the option to set up a new connection. The applet that appears offers several options to choose from; we need the option to connect to a workplace. The wizard will ask how to make the connection. We need to choose the Internet connection (VPN).

In the next step, the wizard will ask you to specify the IP address of the VPN access server and assign a destination name. The IP address of the access server can be found on our first computer by running the ipconfig command at the command line. The IP address of the Ethernet network is the address we need.

Then, the system will apply all the entered settings.

Let's connect

The decisive moment of our experiment is connecting the client to the server side of our network. In the network center, select the "Connect to the network" option. In the window that appears, click VPN-Test (the destination name we specified) and click the connect button.

This will open the VPN-Test connection applet. In the text fields, we enter the name and password of the "user" for authorization on the access server. If everything goes well and our user not only registers on the network but can also fully connect to the access server, the name of the connected "user" will appear on the other side.

But sometimes this kind of error can occur: the VPN server is not responding.

Click on the tab for incoming connections.

On the marked tab, open the properties of the IP protocol.

Let's set the option to specify IP addresses explicitly and enter the IP addresses that need to be served.

When we reconnect, we will see the following picture. The system shows us that one client is connected and that this VPN client is SimpleUser.

Short summary

So, to establish a VPN between two PCs, you need to decide which of them should become the "main" one and play the role of the server. The rest of the PCs must connect to it through the authorization system. Windows has tools to provide the server side of our network. It is configured by creating a new incoming connection, specifying the user, and also the applications that should accept the connection. The client is configured by setting up a connection to the workplace, specifying the user and the details of the server to which this user should connect.
